Nmap Development mailing list archives

[RFC][NSE] FTP bounce scan implemented as NSE script


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 11 Feb 2014 14:46:24 -0600

List,

FTP bounce scans are ancient, but Nmap remains one of the tools that
is used to perform them. I recently refactored the FTP bounce scan
code out of the rest of Nmap's files into nmap_ftp.{h,cc}, with the
goal of replacing it with an NSE script.

The attached script is my attempt to clone the logic in nmap_ftp.cc. I
have run it against scanme.nmap.org via several servers on the
Internet, and the results are inconclusive: No server gives a
completely accurate scan. I have also failed to set up a vulnerable
FTP server, since pretty much every ftpd will now refuse PORT commands
with third-party IP addresses.

I need testers, and I need eyes on this code. I suspect that it could
be made cleaner, and I think there is room for accuracy improvement,
but I don't have a good test environment to be sure.

Thanks,

Dan

Attachment: ftp-bounce-scan.nse
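The reason the post gives for failing to find a vulnerable server, that nearly every ftpd now refuses PORT commands naming a third-party address, comes down to a small server-side check. The following is an added example, not the attached NSE script and not Nmap's nmap_ftp.cc code: it decodes an RFC 959 PORT argument (h1,h2,h3,h4,p1,p2) and applies the policy a hardened ftpd uses before opening an active-mode data connection. The function names, the two rules (data address must equal the control-connection peer, data port must not be privileged) and the sample commands are assumptions constructed for illustration; real daemons expose these as options (vsftpd's port_promiscuous, for instance, disables the address check).

```python
import ipaddress
import re

# Matches the six comma-separated decimal fields of an RFC 959 PORT argument.
_PORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip_string, port).

    Raises ValueError on malformed input so the caller can answer 501.
    """
    m = _PORT_RE.match(arg.strip())
    if not m:
        raise ValueError("malformed PORT argument: %r" % arg)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range: %r" % arg)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def check_port_command(arg, control_peer_ip, min_port=1024):
    """Apply the third-party check that modern ftpds perform (hypothetical policy).

    Returns (accepted, reason). A PORT naming any host other than the
    control-connection peer is the signature of a bounce attempt and is
    refused; so is a privileged data port on the client's own host.
    """
    try:
        ip, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, str(exc)
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return False, "third-party address %s differs from control peer %s" % (ip, control_peer_ip)
    if port < min_port:
        return False, "data port %d is privileged" % port
    return True, "ok"


# Constructed sample commands as an ftpd would see them (not captured traffic).
# Each entry is (control-connection peer address, PORT argument).
SAMPLES = [
    ("192.0.2.10", "192,0,2,10,4,1"),     # legitimate: client's own address, port 1025
    ("192.0.2.10", "198,51,100,7,0,80"),  # bounce: third-party host, port 80
    ("192.0.2.10", "192,0,2,10,0,25"),    # own host, but privileged port 25
    ("192.0.2.10", "192,0,2,300,4,1"),    # malformed octet
]


def audit_samples(samples=SAMPLES):
    """Return [(PORT argument, accepted)] for each sample; only the first passes."""
    return [(arg, check_port_command(arg, peer)[0]) for peer, arg in samples]


if __name__ == "__main__":
    for peer, arg in SAMPLES:
        ok, why = check_port_command(arg, peer)
        print("%-22s -> %s (%s)" % (arg, "ACCEPT" if ok else "REJECT", why))
```

Run as a script it prints one verdict per sample; only the first command is accepted. On the detection side, a control-channel log in which PORT arguments decode to addresses other than the connecting client is the same signal, which is why the scan described in the post yields inconclusive results against servers that apply this rule.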

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
